Malicious PDF — malware analysis report

Static analysis result for SHA-256 d3d9fed2df785b15…

MALICIOUS

PDF

14.5 KB
Created: 2019-05-02 05:47:57 +01:00
Authoring application: mPDF 5.7
MD5: 38456ed83c6b5f21e6d89e713aac95bb
SHA-1: 1b5a71905a0966f4b12a18bc9d9ef99f3c9a00f9
SHA-256: d3d9fed2df785b154fd4c4deb83889c6d009efb355a036afbac81b6354d9edee
Risk Score: 90

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link

The PDF file contains a large number of embedded links pointing to external PDF documents hosted on the domain 'cefasfese.4pu.com'. This behavior is indicative of a link farm or a phishing lure designed to redirect users to potentially malicious content. The ML classifier also flagged this PDF as malicious with a high probability. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9798

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.